Five Ways to Protect Against DDoS Attacks - Slide 5

Once you have identified the attack fingerprint, it is time to set up a block within your firewall or router to drop the majority of packets. However, a high-bandwidth attack may simply exhaust your WAN link: You’ll have a clean LAN, but your service will still be unreachable. Contact your carrier now to figure out how to work with them during a DDoS attack, in case they need to do the blocking for you.

Some service providers offer “clean pipe” hosting with automatic DDoS squelching. There are also companies who offer products and services to detect and prevent DDoS. Depending on the specifics of your service, it may make financial sense to pay for one of these solutions. Don’t forget the option of simply hosting the service somewhere large enough to absorb the attack – but remember that DDoS against sites that charge by bandwidth can result in unexpectedly high bills.

Distributed denial of service (DDoS) attacks are able to take out an entire site in a matter of minutes. Firewalls and traditional tools like intrusion detection and prevention systems cannot always mitigate the security risks associated with these threats.

New techniques and technologies in DDoS attacks can be more aggressive than their DoS predecessors and require a different kind of approach to network security. This slideshow features some of the tricks and tools, identified by Jim MacLeod, product manager at WildPackets, that can be employed to hinder the flow of a DDoS attack.